Update 2 - Unauthorised Access of Third Party Vendor IT Systems
At Aurizon, we take personal information and privacy seriously. As reported in the media, we are among a number of large Australian organisations affected by the unauthorised access of the PageUp system.
We recognise this is a serious matter for all people who have used the PageUp system and as such, we are committed to providing timely and open communication to keep our employees and previous applicants informed of the situation.
Yesterday, the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC) and IDCARE released a ‘Joint Statement on the PageUp Limited Data Incident’ in relation to this issue, which provides additional information from Australia’s cyber security experts. In particular, the statement includes the following new information:
“While recognising that investigations are ongoing and that the situation may therefore change, the ACSC emphasises that there is a significant distinction between information being accessed (which means there has been a systems breach) and information being exfiltrated by the offender. In other words, no Australian information may actually have been stolen.”
As promised, we will continue to provide updates on this page as we learn any new information about this issue.